acm-header
Sign In

Communications of the ACM

Virtual extension

Authentication in E-Commerce


In online marketplaces like the Internet, both buyers and sellers face high levels of uncertainty. Concerns about security, trust, authentication, fraud, and risk of loss are often cited as among the most significant barriers to the growth of e-commerce [4]. A particularly important factor feeding the uncertainty is that traditional authentication mechanisms based on physical inspection are not feasible online. Simply automating traditional processes used in the physical marketplace cannot solve the authentication problem in e-commerce.

Online authentication involves much more than the obvious identification and validation problem. We present here a comprehensive framework for online authentication which has several important practical benefits. For instance, we show that there is a significant temporal aspect to the authentication problem over the lifetime of transactional relationships. Also, we illustrate how the framework can be used to evaluate existing authentication mechanisms. This, in turn, can facilitate the development of new mechanisms and processes to better authenticate the parties, products, and processes involved in online transactions.

The issue of authentication has been addressed in a variety of contexts, from secure and distributed computing to mobile systems, as well as e-commerce and autonomous computing. In most of the e-commerce literature, discussion of authentication is limited to identification and identity validation [4, 11]. Recent empirical studies on consumer attitudes towards online stores indicates that trust issues going beyond identification are of significant concern, and furthermore, that these factors are influenced by a variety of demographic and cultural factors in addition to site functionality [6, 7, 8]. Also, several models have been proposed recently for trust mechanisms for autonomous computing environments using software agents [1]. However, systematic research to build a comprehensive body of knowledge in this area is still needed.

Back to Top

A Conceptual Framework for Online Authentication

Authentication has been defined in various ways. One view is that authentication establishes "the identity of one party to another" [11]. Another perspective is of authentication as "a core set of activities used to verify the quality and features of the product offered, the authenticity of the trading parties, and monitor conformance to the contract or agreement among parties" [9]. Building upon these and other views, we view authentication as involving two major dimensions: identity and quality (see also [2]).

Online buyers and sellers need to obtain authentication information about each other and verify the trustworthiness of this authentication information. Thus, authentication can also be viewed in terms of a second set of dimensions: information and trust. Trust is based on the expectation that a trustee will act in the interests of the trustor, without a guarantee, and is mainly involved with minimizing the risk of harm [5]. For instance, a buyer's trust in an online seller is violated if the seller collects the buyer's money and personal information without delivering the desired goods.

The two sets of dimensions, and the fact that a commercial transaction involves at the least a buyer, a seller, and a product/service, lead to a three-dimensional conceptual framework of authentication in e-commerce, as depicted in Figure 1. This implies twelve issues, ranging from the support of information on the identity of the buyer to the establishment of trust in terms of the quality of the product. These twelve issues, along with current authentication mechanisms that can provide support in each area, are exemplified in Table 1.

To appreciate the framework in Table 1, consider some of its components. For instance, in buyer-identity-information authentication, the seller can learn the identity of the buyer based on one or more of the following three factors: something the buyer knows; something the buyer has; and something the buyer is [11]. The first case is easy to see, since the buyer has private information that can serve to identify them (for example, social security number). In the second case, the buyer could also be identified by their possession of a particular device (such as a smart card, token, or digital certificate). In the third case, the buyer could be identified using mechanisms based on biometrics such as fingerprint or retinal eye pattern scanners, facial recognition systems, and signature-verification devices. In some situations, affiliation with a group (for example, a corporate purchasing unit) may be more important than the individual's identity. This leads to a fourth category: something the buyer does, based on group characteristics such as a group user-ID or the firm's digital certificate.

Also, information and trust are different, and often need different mechanisms. For instance, sellers can design the online buyer-seller interface in such a way that information on the quality of their offerings is accurately conveyed to establish product-quality-information authentication. However, the trustworthiness of this product quality information at the product-quality-trust authentication level requires additional mechanisms, such as product try-outs, endorsement by trusted third parties, or, as discussed in Choi et al. [3], intermediaries like an electronic mall that create so-called incomplete contracts with sellers to use the mall only as long as they maintain acceptable quality.

Back to Top

Evaluation of Existing Online Authentication Mechanisms

We evaluate each of the currently available authentication mechanisms in e-commerce using six criteria: robustness; degree of acceptance; cost; ease of use; portability; and security. Robustness pertains to the extent to which the authentication mechanism achieves trust. Degree of acceptance refers to the open nature of the mechanism, that is, the extent to which it can be used across buyers, sellers, and products, and the availability of standardized, mature third-party processes that support robustness. Cost includes setup costs (for example, specific hardware or software requirements), communication costs (how much information needs to be transmitted), delay costs (time authentication takes), scalability, and maintenance/support cost. Ease of use involves similarity of the mechanism to conventional instruments, accessibility to computer-naïve users, and procedural simplicity. Portability pertains to the requirement for specific client machines, software, or hardware. Security concerns the extent to which the mechanism addresses message privacy, integrity, and non-repudiation.

There is also an important temporal dimension to online authentication. In identity authentication, extensive identity trust authentication needs to be achieved during a first-time buyer-seller interaction, whereas this can be reduced to verifying whether one is dealing with the same party during repeat transactions, through authentication mechanisms such as passwords, tokens, certificates, and cookies. Similarly, product identity authentication may be unnecessary beyond the first purchase of a given product. During the first transaction, the seller is motivated to provide a substantial amount of product information. However, once the buyer is familiar with the product and returns to buy more, the seller can significantly reduce the amount of descriptive information offered. Hence, the seller can customize the online transaction interface to the buyer's needs by excluding redundant bandwidth-consuming product information. Similarly, the quality assurance problem reduces over time as the number of repeat transactions increases. As such, quality authentication mechanisms are needed that effectively ensure quality during the first transaction and subsequently fade away as quality track records are built.

Back to Top

Evaluation of Current Authentication Mechanisms

Table 2 identifies seventeen authentication mechanisms that address one or more of the twelve authentication issues in Table 1, and summarizes their performance in terms of these issues. While the table is easy to interpret, we briefly discuss the evaluation of a couple of the mechanisms here as well.

Digital certificates, which can be established directly if the seller is a certification authority (CA), or indirectly through trusted third parties (such as Verisign, Entrust), enjoy high levels of robustness. However, offline verification is required for first-time transactions. Digital certificates enjoy the availability of standardized processes to check robustness, are relatively low cost, and are secure, through integration with secure protocols such as SSL (Secure Sockets Layer). However, as digital certificates reside on the client's machine, portability is low, and specific hardware or software at the seller side is needed if the seller is a CA. As can be seen from Table 1, digital certificates (#5) constitute a relatively open authentication mechanism that can be used to support buyer identity information, buyer identity trust, seller identity information, and seller identity trust authentication. Furthermore, when backed up by financial institutions, certificates (#6) also support buyer quality information, and buyer quality trust authentication. These two forms of authentication, as well as seller quality information and seller quality trust are also supported in case of repeat transactions.

Independent virtual communities (#14) support seller identity information, seller identity trust, seller quality information, seller quality trust, product identity information, product identity trust, product quality information, and product quality trust authentication. Unlike the potentially biased nature of virtual communities hosted by the seller (#13), independent virtual communities offer high levels of robustness. Furthermore, they constitute an easy-to-use, low-cost, portable, and secure authentication mechanism. However, as is the case with Web site content originating from public sources (#11), the opportunity for evoking such an authentication mechanism depends on the availability of intermediaries that address the product categories the seller is offering. In addition, if such independent virtual communities exist, they still need to show viable levels of participation and member integrity.

Finally, active digital market makers (#16) not only match demand to supply, but also support all areas of authentication in order to assure a well-functioning market by registering and verifying the participants and their offerings. Clearly, such intermediaries can extract a premium for building and running these marketplaces by providing a trusted online commerce environment in which buyers and sellers transact. If the market maker is neutral, that is, does not favor buyers over sellers or vice versa, high levels of robustness can be achieved. Furthermore, such an authentication mechanism is secure, portable, and easy to use. However, acceptance is limited as authentication is restricted to participating buyers and sellers and cannot be transferred outside the digital marketplace. On the other hand, passive digital market makers (#17) do not take responsibility for authenticating market participants. But they may still facilitate authentication through reputation systems that collect, distribute, and aggregate feedback about buyer, seller, and product identity and quality [10]. Obviously, the degree to which these reputation systems inspire trust is directly dependent on the difficulty of ensuring honest participation. As transaction history is built, however, the system may achieve higher levels of trust. As with active digital market makers, degree of acceptance may be low because users may not be allowed to export their ratings from one digital market to another (for example, eBay participants cannot use their ratings on Amazon.com [10]). On the positive side, reputation systems are low cost, easy to use, secure, and do not require specific client machines, hardware or software.

Back to Top

Overall Buyer, Seller, and Product Authentication

Using the information in Tables 1 and 2, we next evaluate how well buyer, seller and product authentication respectively are supported today.

Buyer Authentication. It is clear that overall buyer authentication in e-commerce is most reliably achieved through credit cards and digital certificates endorsed by financial institutions. Furthermore, as credit cards are highly portable, as opposed to digital certificates that reside on the buyer's machine, they currently provide the most effective means of achieving buyer authentication. It should be noted, however, that in both cases, a trusted third party such as a credit card company, credit agency, or other financial institution, is needed to achieve buyer identity trust and buyer quality trust authentication. Thus, currently, overall buyer authentication cannot be achieved without financial intermediaries.

Another point worth noting about existing mechanisms for buyer authentication is that most of these mechanisms require disclosure of identity. This is interesting, since many traditional transaction processes do not require identity disclosure (for example, cash-based sales in a store). Information about identity is used for marketing and relationship-building purposes, rather than for transacting. This suggests that quality authentication mechanisms that maintain anonymity should be attractive. An example of such a mechanism is the SET (Secure Electronic Transaction) scheme that major credit card firms have endorsed. Interestingly, adoption of SET has been extremely slow, mainly because merchants have balked at the potential loss of marketing information [2].

It is also interesting to note that integrated buyer authentication mechanisms involving credit cards or digital certificates backed by financial institutions remove the need for smart cards or tokens, machine/access device identification, or biometrics, which may explain the current low levels of adoption of these mechanisms. Furthermore, with respect to biometrics, buyers might have psychological reservations with using such devices (compare the fingerprint scanning of criminal suspects), as well as privacy concerns about disclosure of their unique biological traits.

Seller Authentication. Although there are a variety of robust seller-managed mechanisms such as URL advertising and virtual communities for overall seller authentication, they are not as effective as those that involve third parties. For instance, digital certificates can be used within standardized, reliable processes. However, digital certificates do not support seller quality information and seller quality trust authentication during a first time interaction. As such, the seller can enhance overall seller authentication by forging alliances with other third parties that can provide robust support for seller quality authentication. As seller quality authentication involves various aspects (such as credibility and privacy) more than one trusted third party might need to get involved. For instance, URL advertising, Web site content originating from public sources, and independent virtual communities can all be adopted to complement digital certificates.

Product Authentication. A robust means of achieving overall product authentication is product try-outs. Yet, product try-outs do not constitute a ubiquitous means of achieving overall product authentication. The high cost of providing product try-outs in e-commerce for physical products (setup, communication, delay, and scalability cost), and the difficulty or sheer impossibility of providing try-outs in service settings (for example, medical care), confine this mechanism to digital products (like software, digital news, digital music). Furthermore, unless carefully designed, they can motivate opportunistic behavior, such as the buyer keeping the try-out without buying the full product itself. As such, no ubiquitous, robust, overall product authentication mechanisms are currently available. Therefore, sellers need to use advertising to present product quality and induce the buyer to purchase the product so that the need for assuring product quality diminishes as track records are built.

Currently, product authentication does not typically involve trusted third parties. However, as no ubiquitous overall product authentication mechanism is currently available, new intermediaries may take up this role. As already discussed, e-malls and similar aggregators can provide robust product quality trust authentication. Similarly, the digital marketplaces in the business-to-business segment of e-commerce can contribute significantly to product quality authentication.

Back to Top

Open Problems in Current Authentication

Currently, three major open problems in online authentication need to be addressed. The first problem concerns the area of overall product authentication, for which no ubiquitous, robust online authentication mechanisms are currently available. As such, novel, robust product authentication mechanisms are needed to prevent online markets from sliding into disrepute. As discussed in the previous section, e-malls and active digital marketplaces may provide a solution to this problem by assuming the role of trusted third parties that assure product identity and quality. By virtue of these new intermediaries, honest sellers of high quality products can then market their goods and services online with confidence.

The second problem area involves the trustworthiness of the "trusted" third parties in online authentication. This problem is particularly significant given the observation that the current, robust buyer and seller authentication mechanisms all involve third-party intermediation. For instance, anyone can become a CA and issue digital certificates. However, how can the trustworthiness of these intermediaries, both in terms of their identity and quality, be established? Should the Government get involved as the ultimate protector of honest dealings?

The last problem pertains to situations in which one or both of the parties to the transaction want to maintain anonymity. This directly addresses the issue of whether it is possible to provide quality authentication without identity authentication. For instance, an industrial buyer may want to purchase raw materials in order to substantially increase production, without the seller knowing who he or she is, so that this information cannot leak to competitors. Thus, authentication mechanisms may be needed that establish traceable anonymity where quality authentication can be established without identity authentication. However, this situation implicitly changes every repeat transaction into a first-time transaction so that potential relationship-marketing benefits may be lost. As such, quality authentication mechanisms need to be developed that combine anonymity with the advantages of long-term, trusting, mutually beneficial buyer-seller relationships.

Back to Top

Conclusion

How can the authentication of the parties, products, and processes involved in online transactions be supported to foster the continued and widespread expansion of electronic commerce? We have tried to address this question through a framework of authentication in e-commerce and an evaluation of current technology and practice in online authentication. Furthermore, researchers and practitioners engaged in the area of e-commerce are presented with three major open authentication issues that need to be addressed to move closer to frictionless online commerce.

There are some additional directions for important research. For instance, multiparty authentication mechanisms, such as public key encryption and digital certificates, pose some non-trivial usability issues beyond ease-of-use that still need to be addressed, particularly for private transactions between individuals. As shown in [12], these range from key management and dissemination to procedural requirements on users and user-interface design. Also, in choosing between authentication mechanisms, there is a need for cost-benefit models to guide decision makers in determining the optimal support for buyer, seller, and product authentication. Another fruitful extension would involve the investigation of authentication in agent-mediated e-commerce. In such an online commerce environment, mechanisms are required to authenticate autonomous software agents. Although there are some interesting proposals for specification of trust processes in [1], considerable additional work is needed to develop robust mechanisms and protocols.

Back to Top

References

1. Autonomous Agents 2001. Fourth International Workshop on Deception, Fraud and Trust in Agent Societies, Montreal, Canada (May 29, 2001); www.ip.rm.cnr.it/news/wstrust.htm.

2. Basu, A. and Muylle, S. Online support for commerce processes by Web retailers. Decision Support Systems 34, 4 (Mar. 2003), 379–395.

3. Choi, S., Stahl, D., and Whinston, A. The Economics of Electronic Commerce. Macmillan Technical Publishing, Indianapolis, IN, 1997.

4. CommerceNet. Barriers to Electronic Commerce 2000 Study; http://www.commerce.net.

5. Friedman, B., Kahn, P., and Howe, D. Trust online. Commun. ACM 43, 12 (December 2000), 34–40.

6. Grazioli, S., and Jarvenpaa, S. Perils of Internet fraud: An empirical investigation of deception and trust with experienced Internet consumers. IEEE Transactions on Systems, Man, and Cybernetics—Part A: Systems and Humans 30, 4 (July 2000), 395–410.

7. Hoffman, D., Novak, T., and Peralta, M. Building consumer trust online. Commun. ACM 42, 4 (Apr. 1999), 80–85.

8. Jarvenpaa, S., and Tractinsky, N. Consumer trust in an Internet store: A cross-cultural validation. Journal of Computer-Mediated Communication 5, 2 (December 1999); http://www.ascusc.org/jcmc/vol5/issue2/jarvenpaa.html.

9. Kambil, A., and van Heck, E. Reengineering the Dutch flower auctions: A framework for analyzing exchange organizations. Information Systems Research 9, 1 (Mar. 1998), 1–19.

10. Resnick, P., Zeckhauser, R., Friedman, E., and Kuwabara K. Reputation systems. Commun. ACM 43, 12 (Dec. 2000), 45–48.

11. Sandhu, R., and Samarati, P. Authentication, access control, and audit. ACM Computing Surveys 28, 1 (Mar. 1996), 241–243.

12. Whitten, A., and Tygar, J.D. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. Working paper, School of Computer Science, CMU (2002).

Back to Top

Authors

Amit Basu ([email protected]) is the Charles Wyly Professor of Information Systems, and Chairman of the Information Technology and Operations Management Department at the Edwin L. Cox School of Business, Southern Methodist University, Dallas, Texas.

Steve Muylle ([email protected]) is an assistant professor of marketing and director of the European Center for e-Business Studies at Vlerick Leuven Gent Management School, an assistant professor at Solvay Management School, and a guest professor of marketing at Ghent University, Belgium.

Back to Top

Figures

F1Figure 1. Dimensions of authentication in e-commerce.

Back to Top

Tables

T1Table 1. Authentication issues and supporting mechanisms.

T2Table 2. List and performance of current authentication mechanisms.

Back to top


©2003 ACM  0002-0782/03/1200  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2003 ACM, Inc.